Remarks 

Claims 1-12, 14-21, 24, 26, and 27 are pending. 

Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
8/8/2007 has been entered. 

Claim Objections 

2. Claims 24 and 26 are objected to because of the following informalities: These 
claims still do not have a consistent use of "wireless device" versus "wireless client". 
The first recitation of wireless client refers to "the wireless client", which does not have 
antecedent basis. For purposes of prior art rejection, all recitations of "wireless client" 
have been construed as "wireless device". Appropriate correction is required. 

Claim Rejections - 35 USC § 112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

- The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 
3. Claims 1-12, 14-21, 24, 26, and 27 are rejected under 35 U.S.C. 112, first 
paragraph, as failing to comply with the written description requirement. The claim(s) 
contains subject matter which was not described in the specification in such a way as to 
reasonably convey to one skilled in the relevant art that the inventor(s), at the time the 
application was filed, had possession of the claimed invention. The claims now recite 
having a first party, second party, and server. One party will establish a secure tunnel 
with the server in order to obtain a shared secret. Once this shared secret is obtained, 
it will be used to establish a subsequent secure tunnel between the first and second 
parties. Taking claim 1 as an example, the final limitation includes authenticating a 
relationship between the first and second parties within the subsequent secure tunnel. 
The examiner can only find basis for authenticating such a relationship using the server 
(the server authenticates the first party, generates the shared secret, then distributes 
the shared secret to a second party, e.g. the AP). There is no authentication of the 
client and the AP within a tunnel between them, except to say that the two entities 
sharing the key mutually authenticate both entities, since they both trust the server and 
the server trusts them. It is additionally noted that the specification refers to the server 
being the second party in most instances, only referring to an AP or the like a few times. 
For purposes of prior art rejection, the authentication of a relationship between the first 
party and second party as in claims 1 and 17, or first wireless device mutually 
authenticating with a second wireless device as in claim 24, has been construed as the 
procedure just described (authentication between the first party and the server, thus 
generating a shared secret, mutually authenticating within a tunnel between the first and 
second parties solely by the parties being able to mutually communicate using the same 
keying material). 
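The procedure as construed above reduces to two phases: the server provisions a shared secret (the PAC) to the first party and later releases the same secret to the second party, after which the two parties derive a tunnel key from it and "authenticate" each other only by demonstrating that each holds the same keying material (key confirmation). The following Python model is added here as an illustration of that construction; it is not code from the application, from this Office action, or from the Funk draft, and the phase-1 tunnel between the first party and the server is assumed to already exist (its asymmetric setup is not modelled). The names (Server, provision_pac, pac_key_for_peer, derive_tunnel_key, phase2), the HKDF-based derivations, and the choice to bind the PAC-Opaque element to the client identity with an HMAC under a server master key are assumptions made for the example.

```python
import hmac
import hashlib
import secrets
from typing import Optional, Tuple

HASH = hashlib.sha256

# Minimal HKDF (RFC 5869 shape) built on HMAC-SHA256 so the example runs without
# third-party packages.
def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

class Server:
    """Phase-1 endpoint (assumed model). It authenticates the first party inside an
    already-established tunnel, derives a PAC for that party, and can later hand the
    same PAC-Key to a second party (e.g. an AP) that presents the PAC-Opaque element."""

    def __init__(self) -> None:
        self.master = secrets.token_bytes(32)   # never leaves the server

    def _pac_key(self, client_id: bytes) -> bytes:
        return hkdf_expand(hkdf_extract(b"pac-key", self.master), client_id, 32)

    def provision_pac(self, client_id: bytes) -> Tuple[bytes, bytes]:
        """Returns (PAC-Key, PAC-Opaque). The opaque element is the client id bound
        under the server master key; only the server can validate it."""
        pac_key = self._pac_key(client_id)
        pac_opaque = client_id + hmac.new(self.master, client_id, HASH).digest()
        return pac_key, pac_opaque

    def pac_key_for_peer(self, pac_opaque: bytes) -> Optional[bytes]:
        """Second party presents PAC-Opaque; server releases the matching PAC-Key
        only if the opaque element is genuine."""
        client_id, tag = pac_opaque[:-32], pac_opaque[-32:]
        expected = hmac.new(self.master, client_id, HASH).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return self._pac_key(client_id)

# Phase 2: symmetric tunnel key from the shared secret plus fresh nonces.
def derive_tunnel_key(pac_key: bytes, nonce_first: bytes, nonce_second: bytes) -> bytes:
    prk = hkdf_extract(nonce_first + nonce_second, pac_key)
    return hkdf_expand(prk, b"tunnel key", 32)

def confirm_tag(tunnel_key: bytes, role: bytes, transcript: bytes) -> bytes:
    """Key-confirmation MAC: proves the sender derived the same tunnel key."""
    return hmac.new(tunnel_key, role + transcript, HASH).digest()

def phase2(pac_key_first: bytes, pac_key_second: bytes) -> bool:
    """Both sides derive a tunnel key from their copy of the PAC-Key and exchange
    confirmation tags. Returns True only if each side validates the other's tag,
    i.e. the 'authentication' rests solely on both holding the same keying material."""
    nonce_first, nonce_second = secrets.token_bytes(16), secrets.token_bytes(16)
    transcript = nonce_first + nonce_second
    key_first = derive_tunnel_key(pac_key_first, nonce_first, nonce_second)
    key_second = derive_tunnel_key(pac_key_second, nonce_first, nonce_second)
    # second party sends its tag; first party recomputes it under its own key
    first_accepts = hmac.compare_digest(
        confirm_tag(key_second, b"second", transcript),
        confirm_tag(key_first, b"second", transcript))
    # first party sends its tag; second party recomputes it under its own key
    second_accepts = hmac.compare_digest(
        confirm_tag(key_first, b"first", transcript),
        confirm_tag(key_second, b"first", transcript))
    return first_accepts and second_accepts

if __name__ == "__main__":
    srv = Server()
    pac_key, pac_opaque = srv.provision_pac(b"client-01")   # constructed identity
    peer_key = srv.pac_key_for_peer(pac_opaque)
    print("same PAC-Key released to peer:", peer_key == pac_key)
    print("phase 2 with shared PAC-Key:", phase2(pac_key, peer_key))
    print("phase 2 with unrelated key:", phase2(pac_key, bytes(32)))
```

The point the model makes concrete is the one the examiner identifies: nothing in phase 2 authenticates the first party to the second party beyond key confirmation, so the trust between them is entirely inherited from the server that issued and released the PAC-Key. A second party holding any other key, or a forged PAC-Opaque that the server refuses to resolve, simply fails confirmation.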

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

4. Claims 1-6, 9, 10, 12, 14-21, 24, 26, and 27 are rejected under 35 U.S.C. 102(b) 
as being anticipated by Funk (PAUL FUNK, Simon Blake-Wilson; "draft-ietf-pppext-eap- 
ttls-02.txt: EAP Tunneled TLS Authentication Protocol (EAP-TTLS)"; Internet-Draft 
PPPEXT Working Group; 30 Nov. 2002, pp. 1-40). 
Regarding Claim 1, 

Funk discloses a method of authenticating communication between 
a first and a second party, the method comprising: 

Provisioning a shared secret between the first party and the second 
party, the provisioning a shared secret comprises establishing a secure 
tunnel between the first party and a server using asymmetric encryption 
and receiving the shared secret via the second tunnel between the first 
party and the server (Pages 9-10, section 4.3; and Pages 11-13, sections 
6-6.2); 
Establishing a subsequent secure tunnel between the first party 
and the second party using the shared secret and mutually deriving a 
tunnel key using symmetric cryptography based on the shared secret 
(Pages 9-10, section 4.3; Pages 11-13, sections 6-6.2; and Page 16, 
section 7); and 

Authenticating a relationship between the first party and the second 
party within the subsequent secure tunnel (Pages 8-10, sections 4.1-4.3; 
Pages 11-13, sections 6-6.2; and Page 20, section 10). 
Regarding Claim 17, 

Claim 17 is a system claim that corresponds to method claim 1 and 
is rejected for the same reasons. 
Regarding Claim 2, 

Funk discloses protecting the termination of the authenticated 
conversation by use of a tunnel encryption and authentication to protect 
against denial of service by an unauthorized user (Pages 9-15, sections 
4.3-6.4). 
Regarding Claim 3, 

Funk discloses that the step of provisioning occurs within a wired 
implementation (Pages 4-5, section 2). 
Regarding Claim 19, 

Claim 19 is a system claim that corresponds to method claim 3 and 
is rejected for the same reasons. 
Regarding Claim 4, 

Funk discloses that the step of provisioning occurs within a wireless 
implementation (Pages 4-5, section 2). 
Regarding Claim 18, 

Claim 18 is a system claim that corresponds to method claim 4 and 
is rejected for the same reasons. 
Regarding Claim 5, 

Funk discloses that the shared secret is a protected access 
credential (PAC) (Pages 9-10, section 4.3; and Pages 11-13, sections 6- 
6.2). 

Regarding Claim 20, 

Claim 20 is a system claim that corresponds to method claim 5 and 
is rejected for the same reasons. 
Regarding Claim 6, 

Funk discloses that the protected access credential includes a 
protected access credential key (Pages 11-16, sections 6-7). 
Regarding Claim 9, 

Funk discloses that the protected access credential includes a 
protected access credential opaque element (Pages 3-4, section 1; and 
Pages 10-13, sections 5-6.2). 
Regarding Claim 10, 
Funk discloses that the protected access credential includes a 
protected access credential information element (Pages 11-13, sections 6- 
6.2). 

Regarding Claim 12, 

Funk discloses that the step of provisioning occurs through in-band 
mechanisms (Pages 11-13, sections 6-6.2). 
Regarding Claim 14, 

Funk discloses that the step of establishing a tunnel key further 
includes the step of establishing a session key seed deriving a master 
session key used for authenticating the relationship (Pages 11-16, 
sections 6-7). 
Regarding Claim 15, 

Funk discloses that the step of authenticating is performed using 
EAP-GTC (Pages 21-22, section 10.2.1). 
Regarding Claim 16, 

Funk discloses that the step of authenticating is performed using 
Microsoft MS-CHAP v2 (Pages 23-24, section 10.2.4). 
Regarding Claim 21, 

Funk discloses that the wireless network is an 802.11 wireless 
network (Pages 4-5, section 2). 
Regarding Claim 24, 

Funk discloses a wireless device comprising: 
The wireless device is configured to receive a shared secret 
between the wireless device and a second wireless device by establishing 
a secure tunnel with a server using asymmetric encryption, wherein the 
shared secret is received via the second tunnel (Pages 9-10, section 4.3; 
and Pages 11-13, sections 6-6.2); 

The wireless device is configured to establish a subsequent secure 
tunnel between the wireless device and the second wireless device using 
a shared secret to mutually derive a tunnel key using symmetric 
cryptography based on the shared secret (Pages 9-10, section 4.3; Pages 
11-13, sections 6-6.2; and Page 16, section 7); and 

The wireless device is configured to mutually authenticate with the 
second wireless device employing the subsequent secure tunnel (Pages 
8-10, sections 4.1-4.3; Pages 11-13, sections 6-6.2; and Page 20, section 
10). 

Regarding Claim 26, 

Funk discloses that establishing a secure tunnel further comprises 
establishing a session key seed for deriving a master session key for 
mutually authenticating the second wireless device employing the secure 
tunnel (Pages 11-16, sections 6-7). 
Regarding Claim 27, 

Funk discloses establishing a plurality of subsequent secure 
tunnels between the first party and second party using the shared secret 
acquired from the server during provisioning (Pages 11-15, sections 6- 
6.4). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 5-11 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Funk in view of Downnard (Downnard, Ian, "Public-key cryptography extensions into 
Kerberos", IEEE, December 2002/January 2003, pp. 30-34). 
Regarding Claim 5, 

Funk discloses that the shared secret is a protected access 
credential (PAC) (Pages 9-10, section 4.3; and Pages 11-13, sections 6- 
6.2); but may not disclose the specifics of such a PAC. 

Downnard, however, discloses that the shared secret is a protected 
access credential (PAC) (Pages 30 and 32, Kerberos and PKINIT 
sections). It is noted that the specifics of how Kerberos works is found in 
Schneier, pages 566-571, as provided previously, or RFC 1510, as 
discussed in Downnard. It would have been obvious to one of ordinary 
skill in the art at the time of applicant's invention to incorporate the public- 
key-extended Kerberos system of Downnard into the EAP-TTLS system of 
Funk in order to ensure authentication of the entities wishing to 
communicate as well as a trusted party that distributes shared secret 
information, while improving security and scalability through use of public 
keys for initial authentication. 

Regarding Claim 6, 

Funk as modified by Downnard discloses the method of claim 5, in 
addition, Downnard discloses that the protected access credential 
includes a protected access credential key (Pages 30 and 32, Kerberos 
and PKINIT sections). 

Regarding Claim 7, 

Funk as modified by Downnard discloses the method of claim 6, in 
addition, Funk discloses that the protected access credential key is a 
strong entropy key (Page 16, section 7); and Downnard discloses that the 
protected access credential key is a strong entropy key (Table 1; and 
Pages 30 and 32, Kerberos and PKINIT sections). 

Regarding Claim 8, 

Funk as modified by Downnard discloses the method of claim 7, in 
addition, Downnard discloses that the entropy key is a 32-octet key (Table 
1; and Pages 30 and 32, Kerberos and PKINIT sections). 

Regarding Claim 9, 

Funk as modified by Downnard discloses the method of claim 6, in 
addition, Downnard discloses that the protected access credential 
includes a protected access credential opaque element (Pages 30 and 32, 
Kerberos and PKINIT sections). 
Regarding Claim 10, 

Funk as modified by Downnard discloses the method of claim 6, in 
addition, Downnard discloses that the protected access credential 
includes a protected access credential information element (Pages 30 and 
32, Kerberos and PKINIT sections). 
Regarding Claim 11, 

Funk does not explicitly disclose that the step of provisioning 
occurs through out-of-band mechanisms. 

Downnard, however, discloses that the step of provisioning occurs 
through out-of-band mechanisms (Pages 30 and 32, Kerberos and PKINIT 
sections). It would have been obvious to one of ordinary skill in the art at 
the time of applicant's invention to incorporate the public-key-extended 
Kerberos system of Downnard into the EAP-TTLS system of Funk in order 
to ensure authentication of the entities wishing to communicate as well as 
a trusted party that distributes shared secret information, while improving 
security and scalability through use of public keys for initial authentication. 

Conclusion 
Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey D. Popham whose telephone number is 
(571) 272-7215. The examiner can normally be reached on M-F 9:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 
(571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Jeffrey D Popham 

Examiner 

Art Unit 2137 




